Has anyone installed OpenSSH 3.3p1?

[DominikHoffmann]

After reading today's (06252002) MacInTouch I tried to update OpenSSH to 3.3p1. I installed the "sshd" group and "sshd" user using

sudo -s
mkdir /var/empty
chmod 755 /var/empty
niutil -create . /groups/sshd
niutil -appendprop . /groups/sshd gid 2109
niutil -appendprop . /groups/sshd passwd \*
niutil -appendprop . /groups/sshd users sshd
niutil -create . /users/sshd
niutil -appendprop . /users/sshd uid 7797
niutil -appendprop . /users/sshd gid 2109
niutil -appendprop . /users/sshd passwd \*
niutil -appendprop . /users/sshd home /var/empty
niutil -appendprop . /users/sshd shell /dev/null
exit

I then did

./configure

which reported

checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your library

Any idea how to approach this problem?

 

[DominikHoffmann]

User ramseyp of the MacNN forums posted a reply to a related post, which uses a configure command with different options. However, when I use that command, I still get the notification about the library mismatch.

 

[jimr]

you should go to http://www.openssl.org/
get the distribution from there.

the problem here is the configure process is a bit strange

on the surface...
openssl 0.9.6d
move the /usr/lib/libssl* and
/usr/lib/libcrypto*
files and symbolic links out of the way.
then
./config shared --prefix=/usr ¥
--openssldir=/System/Library/OpenSSL ¥
is all you need do..... however.....
though you "may" want to fix the Configure file a little more.
search "darwin" in your favorite text editor on that file.
you will get toa section that looks like this make it be this....

##### MacOS X (a.k.a. Rhapsody or Darwin) setup
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN:unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -Wall -D_DARWIN -DB_ENDIAN -DUSE_TOD::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fno-common:-fPIC:.¥$(SHLIB_MAJOR).¥$(SHLIB_MINOR).dylib",

then save and give it the ./config from above
make
make test
make install (as sudo or root)
and the new libs and man pages have been installed and the directory in /System/Library will have the right amount of nothing much....
move over to
openssh 3.3p
./configure --with-tcp-wrappers --without-rsh --prefix=/usr --mandir=/usr/man --sysconfdir=/private/etc

if you don't have the libwrap the config is going to fail. See older posts at stepwise for some information about how to do it...

make
there is no test
make install
------------------------
ssh -V
OpenSSH_3.3, SSH protocols 1.5/2.0, OpenSSL 0x0090604f
---------------------------
if you have a (some)linux machine there is a bug where you should set Compression no in your sshd config in order to get it to work.

MacOSX seems to be unaffected by the bug.

 

[DominikHoffmann]

I followed the instructions of rantweasel in a similar thread at the MacNN forums. I can now report

[localhost:~] admin% ssh -V
OpenSSH_3.3, SSH protocols 1.5/2.0, OpenSSL 0x0090602f

.

 

[Koelling]

I am reading articles on slashdot and other places about a security hole in openSSH, does anyone know if that affects us and if there is an easy way to get this new 3.4 version?

 

[DominikHoffmann]

Yes, follow rantweasel's instructions. It's not as simple as waiting and letting Apple pop something into Software Update, but won't leave you exposed until then.